Yubico Forum
https://forum.yubico.com/

[QUESTION] - how do I use smart lock w/ Yubikey NEO NFC
https://forum.yubico.com/viewtopic.php?f=26&t=1987
Page 1 of 1

Author:  cameraready [ Fri Jul 31, 2015 9:44 pm ]
Post subject:  [QUESTION] - how do I use smart lock w/ Yubikey NEO NFC

I just received my Yubikey NEO and was testing how to unlock my Nexus 5 with the NFC using the smart lock feature in Android 5.1.1. I'm not having much luck getting it to work.

When I hold the fob perfectly flat against the back of the phone it opens Firefox and shows the Yubico webpage saying it successfully authenticated. I can add the key to the registered devices in the smart lock but whenever I unlock the phone it opens Firefox. I added the Yubiclip app and then that becomes the default app when I unlock.

Is this the normal behavior for unlocking the phone with the NFC? I get far more failures than successful unlocks.

Does the fob always have to be flat against the back of the phone to work? I can't see this working if I were to attach it to a key ring.

Author:  an3k [ Tue Aug 04, 2015 1:58 pm ]
Post subject:  Re: [QUESTION] - how do I use smart lock w/ Yubikey NEO NFC

cameraready wrote:
Is this the normal behavior for unlocking the phone with the NFC? I get far more failures than successful unlocks.
Yes, obviously the current implementation of Smart Lock is buggy.
After a given amount of time after your phone is locked Android turns off NFC (but still shows the icon), thus you can't use Smart Lock over NFC to unlock. A solution is to turn off NFC, wait a second and turn it on again. Then unlocking with Smart Lock over NFC works again.

And it is the default behavior that the associated app is opened after you unlock your phone. If you don't want it to do so, you have to uninstall these apps (until a better solution is found).

Author:  Eike [ Sun Sep 13, 2015 10:27 am ]
Post subject:  Re: [QUESTION] - how do I use smart lock w/ Yubikey NEO NFC

On the current CyanogenMod version 12.1-20150912-NIGHTLY-hlte I've no issues with NFC unlock messages after a while trial & error until it did what I wanted it to do:
a) If your NDEF settings made with the YubiKey Personalization Tool point to configuration slot 1, as they do by default IIRC, just set the YubiClip settings to "copy codes to clipboard" and disable the "notification" option. Now every time you unlock your smart locked device a new OTP is copied to the clipboard in the same moment where you unlock the device with a small popup message that disappears after few seconds.

b) Do what I've mentioned in a) except that you disable everything in YubiClip. Now you won't even get a popup message.

c) This is what I use as I don't use the Yubi OTP via NFC. The Yubi Authenticator is what I need and is not affected by changig these settings as it has nothing to do with the slot 1/2 configuration. I used the default NDEF settings and pointed them to slot 2. Further YubiClip is set up as mentioned in a) or b). Seems it doesn't matter. When you now unlock your device you won't even get the few second popup.
The only thing I noticed, as the NDEF points to the empty slot, is that when you read it via NFC with a unlocked screen YubiClip won't care about this and your device suggests you to use app A, B and so on for reading the tag. But as I'm only reading the tag to unlock and for YubiAuth this is just fine for me.

For method a) you are of course incrementing the OTP counter with every unlock process. If this also applies to method b) - I don't know, maybe someone from the Yubi staff will tell us. As I also don't know when this will become and issue and because you commonly unlock your device a few dozen times a day I'm just using c). c) will maybe also work when you are using the slot for something else. In case of a static password I think it's not a big deal. But as mentioned above I don't know when it starts to affect a Yubico OTP, OATH-HTOP or a challenge-response set up.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/